An interface between a site and an external network for screening 
packets on the external network, each packet having an associated 

source address, the interface comprising: 

a. an heuristic profiler for ascribing a characteristic value to each 
address on the external network based at least on prior activity 
associated with the address; and 

b. a filter for selectively passing a particular packet from the 
external network to the site based at least on the characterizing 
value ascribed by the heuristic profiler to the source address 
associated with the particular packet. 

An interface in accordance with claim 1, wherein the hexiristic profiler 
ascribes a characteristic value to each known address on the external 
network based at least on characteristics of prior packets received by 
the site bearing the source address associated with the particular 
packet. 

An interface in accordance with claim 1, wherein the site is a 
computer. 

An interface in accordance with claim 1, wherein the site is a local 
network of computers. 

An interface in accordance with claim 1, wherein the site is a web 
server. 

The interface of claim 1, further comprising a firewall in 
communication with the site, the firewall interposed between the site 
and the network. 

The interface of claim 1, further comprising a load monitor for 
monitoring the traffic of packets between the network and the site 
relative to a specified nominal load. 

The interface of claim 7, wherein the filter selectively passes a 
particular packet based at least on the monitored traffic of packets. 
The interface of claim 1, further comprising a history module for 
developing a time profile of observations of packets received from 



associated source addresses. 

10. A method for screening a flow of packets between a site and an 
external network, each packet having an associated soiirce address, the 
interface comprising: 

a. ascribing a hierarchical value to a subset of addresses on the 
external network based at least on prior activity associated with 
each address of the subset; and 

b. selectively passing packets from the external network to the site 
based at least on the hierarchical value ascribed to the source 
address associated with each packet. 

11. A method according to claim 10, further comprising checking each 
packet for compliance with specified protocol standards. 

12. A method according to daim 10, further comprising developing a time 
profile of observations of packets received from associated source 
addresses. 

13. A method according to claim 10, further comprising the step of 
monitoring the traffic of packets between the network and the site 
relative to a specified nominal load. 

14. A method according to claim 13, further including the step of setting a 
threshold standard based on the monitored traffic of packets between 
the network and the site. 

15. A method according to claim 14, wherein the step of selectively 
passing packets from the external network to the site is based, at least 
in part, on the hierarchical value ascribed to the source address 
associated with each packet relative to the threshold standard. 

16. A method for characterizing a subset of a universe of network 
addresses, each address corresponding to an associated device, the 
method based at least on observation of a transmission from each 
associated device, the method comprising: 

a. recording occurrence of an observation; 

b. recording a time associated with the observation; 

c. retaining a timed profile of observations of transmissions from 
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each associated device; and 
d. using the timed profile to assign a hierarchical value to each 

network address of the subset. 
A computer program product for use on a computer system for 
screening data flov^ between an external network device and a local 
site, the computer program product comprising a computer usable 
medium having computer readable program code thereon, the 
computer readable program code comprising: 

a. program code for ascribing a hierarchical value to a subset of 
addresses on the external network based at least on prior 
activity associated with each address of the subset; and 

b. program code for selectively passing packets from the external 
network to the local site based at least on the hierarchical value 
ascribed to the source address associated with each packet. 
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